Crisis management and resilience of critical infrastructure: SUNRISE project insights
Published 2025-05-14
Keywords
- Critical Infrastructure Resilience
- Crisis Management
- Pandemic Preparedness
- Cyber-Physical Security
- Artificial Intelligence in Risk Management
Copyright (c) 2025 Author

This work is licensed under a Creative Commons Attribution 4.0 International License.
Abstract
Introduction
Crisis management is often considered a short-term, reactive strategy for handling emergencies, while critical infrastructure resilience is a long-term, proactive approach to reducing vulnerabilities and enhancing stability. Both are essential for security and stability, but how do they complement each other?
Resilience is a concept that spans different domains (physical, information, cognitive or social) and has different capacities, abilities, or principles[1] in the face of different adverse events. These events can be categorized as slow-onset or rapid-onset based on how quickly they manifest and escalate. Climate change, geopolitical tensions or rising unemployment can be considered slow-onset events. Natural disasters, stock market crashes, or power grid failures are examples of rapid-onset events.
An event such as a pandemic falls into both categories. It might initially spread slowly before reaching global impact, but it can transition to a rapid-onset event during a critical period. Understanding this dual nature is therefore crucial for effective pandemic preparedness and response strategies. Healthcare systems, or critical infrastructures in general, can experience near-instant service degradation due to a surge in cases, causing a rapid shift from containment to crisis management.
In this context, we can also mention many EU efforts, ranging from the European programme for critical infrastructure protection (Directive 2008/114 [1]), which establishes a procedure for identifying and designating European CI, to the more recent Directive on the Resilience of Critical Entities (CER Directive, [2]), which entered into force on 16 January 2023. In contrast to the previous approach, which focused more on prevention and mitigation, the CER Directive also focuses on the response and the rapidity of recovery during and after the event.
SUNRISE (Strategies and Technologies for United and Resilient Critical Infrastructures and Vital Services in Pandemic-Stricken Europe) is a project, co-funded by the European Commission, that considers lessons learned from the COVID-19 pandemic, as well as the related challenges for critical infrastructure (CI) operators, to come up with solutions that would help improve their resilience. The project approach is user-driven, with national as well as cross-country workshops conducted in a systematic manner to shape the challenges and requirements for the design of the system.
This paper explains the main project concepts and relates them to the crisis management process, which involves identifying potential crises, preparing for them, responding to them, and mitigating their potential damage. Organizations and government entities must be prepared to handle sudden crises, linked to unexpected rapid-onset events that occur without warning, as well as other types of crises, such as those caused by the failure to respond effectively to early warning signs, including health crises, cybersecurity breaches, or critical infrastructure failures.
The SUNRISE objectives address the strategic level, with scenario-based planning and simulation tools, as well as awareness of the dynamic threat landscape related to and implied by pandemics, which is often observed at the operational level, where several technological solutions have been implemented.
We will show how resilient infrastructure reduces the severity of crises, making crisis management efforts more effective, while crisis management can support continued operation or quick restoration of critical infrastructures.
Structured response based on observation and orientation, resource optimization, or stakeholder engagement and collaboration will also be addressed in scenarios that include “threat multipliers”. Finally, the use of artificial intelligence technologies in SUNRISE, for example in demand prediction or in anomaly detection, will also be explained.
Methodology
The current critical infrastructures (CI) and supporting information systems have evolved into a highly distributed infrastructure, crossing several domains, such as energy, transport, healthcare, or finance. This complexity, together with relatively poor collaboration and data sharing between CI domains, makes them increasingly vulnerable. We describe the current situation in critical infrastructure protection and resilience, before moving to the project set-up and strategy overview. The basic hypothesis is that different stakeholders (e.g. CI operators), different decision-making levels (strategic, tactical and operational) and different types of adverse events and scenarios, including threat multiplication scenarios, require flexible strategies and solutions. We also argue that, for fast-changing situations and for contextualizing the available information in rapidly changing circumstances, an approach based on the Observe, Orient, Decide, Act (OODA) loop is more appropriate than the Plan, Do, Check, Act (PDCA) approach, which is often used at the strategic level for mid- to long-term planning. We will present the main project results, before diving into the specific example of the cyber-physical resilience tool.
This solution uses a model that can adapt rapidly to changing operating condition values, such as workforce absenteeism or threat probability, and also addresses:
- Awareness of the dynamic cyber threat landscape related to and/or implied by pandemics.
- Improved estimations of probability and impact needed in risk assessments for cyber threats under temporary conditions.
- Increased collaboration among the CI operators from different industry sectors, public authorities, and other stakeholders.
Main results
When it comes to CI, the types of assets differ in each sector, and the impacts can differ as well (e.g., the availability of CI might have large consequences for the overall economy). Demand for critical goods to ensure business continuity and the uncertain availability of skilled workers are examples of pandemic-specific risk indicators to be considered. Physical indicators are related to unauthorized access to hardware, or to the detection of malicious or unknown hardware components and terminals. Human indicators are related to training and awareness, and to psychological or behavioral risks, including trust, urgency, fear, greed, helpfulness, or curiosity. A pandemic event also brings supply chain risks, imbalance in the workload, weak coordination, parallel decision making, lack of integrated health protocols, employee turnover, etc.
Besides the SUNRISE strategic framework, which is also supported by a specific tool, another four solutions have been developed to deal with operational challenges during pandemics: risk-based access control (RIBAC), a demand prediction and management (DPM) tool, a solution for cyber-physical resilience (CPR), and a remote infrastructure inspection (RII) solution. In this paper we will introduce all tools, before covering in more detail CPR [3], which consists of four main modules (AI-powered log monitoring, a security risk assessment tool, an incident response management tool and a threat intelligence sharing platform).
[1] Definitions differ in the literature but usually span some kind of division into prepare/absorb/recover/adapt.
References
- Council directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection, https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF
- Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC, https://eur-lex.europa.eu/eli/dir/2022/2557/oj
- Juan Fidalgo P., Pasic A., Del Álamo J.M., Tourís R. and Álvarez A. (2023), "TERME: a cyber-physical resilience toolset for risk assessment," JNIC Cybersecurity Conference (JNIC), Vigo, Spain, pp. 1-6, doi: 10.23919/JNIC58574.2023.10205687.